Five Security Considerations when Deploying EMR

David Ting
Feb 03, 2012

EMRs are the hot topic du jour and rightfully so with the tax incentives and federal grants tied to them, as well as the overall efficiencies they bring to the healthcare industry. The conversation is only now starting to talk about the role of secure access in deploying EMRs, and I project this will increase in importance and awareness in 2010.

To stay ahead of things, here are five security considerations organizations should plan for as they deploy EMRs:

The User’s Perspective is Vital

Just because this patient information is moving to an electronic format, doesn’t mean the complexity and number of passwords decreases to access data. It is important to consider how this migration will impact clinician workflow, as any hiccup/disruption in the healthcare setting can be detrimental to patient data security. Single sign-on technologies, for instance, not only decrease the amount of passwords to remember, but they also have a direct impact on user workflow and productivity improvements.

Strong Authentication Remains a Secure Priority

Combining EMRs with employee workflow improvements can be further augmented by utilizing strong authentication, fingerprint biometrics and other modes of two-factor authentication, such as proximity badges, to ensure secure access is limited to those who are truly authorized. Readers of this blog already know the importance of strong authentication—its role and value to the healthcare sector will be vital to data security as EMRs become more widespread.

Auditing of Access is a Patient Right

Patients have the right to know who has accessed his/her information and when, and by law, healthcare organizations are required to track this information. Organizations need to be sure they have a system in place that can quickly and easily report on healthcare access management details including: password sharing, what applications users are authorized to access, and what credentials they are using.

Compliance is Still King

Let’s not forget that, although hospitals are being incented to use EMR, this transition cannot be made at the expense of compliance. Government mandates such as the Health Insurance Portability and Accountability Act (HIPAA) were put in place to protect patient information. Electronic medical records are more efficient than paper-based systems, but that shift brings with it a new environment that must be proven secure, otherwise there could be risk fines, penalties and/or reputational damage.

Federation of Identities Equates to a New Level of Required Trust

Federated identity establishes a mutual trust between organizations and systems, enabling the portability of identity information between systems and thus allowing secure access. This plays a central role in the expected efficiencies of EMRs because of the various requirements for patient data privacy, secure access and compliance. This emphasizes the need for secure authentication within one’s own system in order to ensure that trust with other systems can be guarantted and benefits can be realized.